PDF specs allow files to be embedded, executables to be launched and of course javascript is enabled by default (Foxit does that too), why are people surprised when there are frequent security problems with it.

Their advisory is kinda useless too when no information on workarounds and mitigating factors are included, e.g., does disabling scripting help, or can it break out of IE's protected mode in Vista/W7.

The next version of Acrobat will run in protected mode but maybe they should also nuke and trim the specs too.